Intel® SGX Attestation Service Utilizing Enhanced Privacy ID (EPID)

The Intel SGX attestation service is a public web service operated by Intel for client-based, privacy-focused usages on PCs or workstations. The primary responsibility of the Intel SGX attestation service is to verify attestation evidence submitted by relying parties. The Intel SGX attestation service utilizes Enhanced Privacy ID (EPID) provisioning, in which an Intel processor is given a unique signing key belonging to an EPID group. During attestation, the quote containing the processor’s provisioned EPID signature is validated, establishing that it was signed by a member of a valid EPID group. A commercial use license is required for any SGX application running in production mode that accesses the Intel SGX attestation service.

Enroll in Intel SGX Attestation Service

One of the key decisions when subscribing to the Intel SGX attestation service is the mode chosen for the EPID signature: Random Base Mode or Name Base Mode. For additional background on EPID signature modes, as well as provisioning and attestation services, please see this white paper.

Linkable Quotes (Name Base Mode): A name is picked for the base to be used for a signature, making signatures linkable. Verifying two signatures enables you to tell whether they were generated from the same or different signers. Name Base Mode is preferred to protect against compromise.

Unlinkable Quotes (Random Base Mode): Every signature gets a different random base, making the signatures unlinkable. Verifying two signatures does not enable you to tell whether they were generated by the same or different signers.
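
The difference between the two modes can be seen in a simplified model of the EPID pseudonym, given here as an added example that is not Intel's code or part of the original page. It assumes a signature carries a pair (B, K = B^f) for member secret f, uses a toy group (squares modulo 2**255 - 19) rather than EPID parameters, and omits the group-membership proof; all function names and secrets are hypothetical.

```python
import hashlib
import secrets

# Toy group for illustration only: squares modulo the prime 2**255 - 19.
# This is NOT an EPID parameter set; it just lets the model run on the stdlib.
P = 2**255 - 19

def name_base(basename):
    """Name Base Mode: the base B is derived deterministically from a chosen name."""
    h = int.from_bytes(hashlib.sha256(basename).digest(), "big")
    return pow(h, 2, P)

def random_base():
    """Random Base Mode: a fresh random base B for every signature."""
    return pow(secrets.randbelow(P - 3) + 2, 2, P)

def pseudonym(member_secret, base):
    """The (B, K) pair carried by a signature in this model, with K = B^f mod P."""
    return base, pow(base, member_secret, P)

def link(sig_a, sig_b):
    """What a verifier can conclude from two already-verified signatures."""
    (base_a, k_a), (base_b, k_b) = sig_a, sig_b
    if base_a != base_b:
        return "unknown"  # different bases: the K values are not comparable
    return "same signer" if k_a == k_b else "different signers"

# Constructed member secrets for two hypothetical platforms.
PLATFORM_1 = 0x1F3A9C5D7E2B4A6880112233445566778899AABB
PLATFORM_2 = 0x2B7E151628AED2A6ABF7158809CF4F3C762E7160

def demo():
    base = name_base(b"example-service-provider")  # constructed basename
    return {
        "name base, same platform": link(
            pseudonym(PLATFORM_1, base), pseudonym(PLATFORM_1, base)),
        "name base, two platforms": link(
            pseudonym(PLATFORM_1, base), pseudonym(PLATFORM_2, base)),
        "random base, same platform": link(
            pseudonym(PLATFORM_1, random_base()),
            pseudonym(PLATFORM_1, random_base())),
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```
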

The Intel® SGX Services Terms of Use govern your use of these services except where we expressly state that separate terms (and not these) apply. By using our services, you are agreeing to these terms. Make sure you read them carefully.

API Documentation

Attestation Report Root CA Certificate: DER PEM

Sign In or Sign Up

A valid user account is required to subscribe to these services. User accounts are administered and maintained by Intel® Developer Zone. When subscribing to Intel® SGX Services, it is highly recommended to register a special account utilizing a public distribution list. The email address utilized for registration will be the single point of contact for any notifications, including updates, new features, availability, downtime, or subscription revocation.

Development Access

Subscribe now for immediate access to the development environment, where non-production Intel SGX enabled applications can test attestation functionality in debug mode prior to releasing to production.

Production Access

Once a commercial use license has been executed and your application/solution has been added to the Launch Policy List (if applicable), you just need to Subscribe for production access. Once your subscription is activated, you will be able to utilize the production version of the Intel SGX attestation service. For more information on these required steps, refer to our Commercial License Request page on Intel Developer Zone.

Note: a completed commercial use license is required before a subscription to this product can be added. When subscribing to this product, it is highly recommended that the subscription account utilizes a public distribution list, as the email address used when subscribing will be the single point of contact for any notifications, including updates, new features, availability, downtime, or subscription revocation.